The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

Tuesday, July 10, 2018

June 2018 Connector

COMMUNICATIONS

Letter from the Chairman

Dear OWASP Community,

As summer quickly approaches, so does the OWASP AppSec EU 2018 London event, and we want to send a big thank you to all the volunteers who are working so hard to ensure that everyone who attends the conference has the best experience possible! The committee has selected the best and most relevant hands-on training with some of the most well-known trainers in the application security world. After three days of training, stay on with us in London and participate in well-thought-out and insightful conference seminars. Not only are we offering seminars, but you also have the opportunity to participate in Capture the Flag, or the University Challenge for students, and of course Women in AppSec as well. Lastly, we hope you will join us at the Imperial War Museum for the AppSec EU 2018 conference networking event. It will be a great evening!

This is the event for the application security community! It was created for you by you and your community volunteers without whom this event would not be possible. This is your community and this event belongs to you!

We want to take a moment to thank the volunteers who have dedicated their time and energy to OWASP and the AppSec EU 2018 London event. Those of you who have decided to register, we thank you in advance, and we look forward to many more who will join us and register for the conference.

Below is more information on the foundation, as we continue to highlight the chapters, the projects and many of the upcoming events that we are attending and supporting. As always, if you have any questions for us, please contact us any time!

Sincerely,
Martin Knobloch
Chairman of the Board of OWASP Foundation

OWASP Staff Update

OWASP is pleased to announce that Harold Blankenship has joined the team as Director of Projects and Technology. He comes to OWASP from Texas State University where he was responsible for planning, design and development of multiple student and administrative facing enterprise web applications to improve business process and integrate with MS SQL and Oracle databases. He has supported OWASP as a consultant of special projects for the past year. We are excited to have him dedicated and responsible for the future development and support of projects. He is the main contact for all projects as well as the current GSOC project we are honored to participate in. If you have any questions regarding projects or GSOC please contact Harold at: Harold.Blakenship@owasp.org

As of June 1st, Matt Tesauro has rejoined OWASP as Director of Community and Operations. His dedication to the community and long-standing involvement in OWASP as a member and employee are extremely valuable to the foundation as we seek to grow the service and engagement with the more than 200 chapters worldwide. Furthermore, he will work on developing process and systems that make serving the community more efficient and effective.

Matt brings to OWASP dedication and a strong and positive reputation in the information and application security community. His technical skills and passion for OWASP will foster the further development of the team, the image and brand of OWASP, along with supporting the processes to implement new objectives, products and services dedicated to growing OWASP and serving the community. OWASP can also draw upon his decade of active contribution at OWASP in projects, chapters and conferences as it modernizes its systems and process for the next decade of growth. Matt can be reached at Matt.Tesauro@owasp.org

Please join me in welcoming Harold and Matt to the OWASP team.

Thanks,
Karen

PROJECTS

A number of exciting things are going on with projects at OWASP:

There are project reviews planned for AppSec EU 2018, including Lab to Flagship reviews for JuiceShop and DefectDojo and Incubator to Lab Status for the Glue Tool project. There will also be general health checks for a number of projects. You can review the information at OWASP Project Reviews. We are currently looking for volunteers who can help review the projects on Monday and Tuesday. If you are a project leader who will be attending AppSec EU 2018 and you would like to volunteer to help project reviews, contact project-reviews@owasp.org

There were many OWASP projects highlighted at the Open Security Summit 2018 this past week in Woburn, U.K.: SAMM, DevSecOps Studio, DevSlop, ZAP, JuiceShop, Testing Guide, Top 5 Machine Learning Risks, and the Books Project. There may have been a few others and, if I missed you, I apologize. It was a week full of learning, working on projects, and camaraderie; I wish I could have experienced more.

Speaking of the OWASP Books Project, that project is being rebooted by Sherif Mansour, one of our very own board members. The project looks to provide assistance and resources for getting books covering OWASP related projects and information published to various outlets. Thank you, Sherif, for helping restart this project and also thanks to Rebecca Varley-Winter for helping get the first OWASP Books Project (OWASP SAMM) started.

The Google Summer of Code is ongoing and the first evaluations are coming up. This evaluation is a required part of participation in GSoC 2018. If you are a GSoC project mentor, please keep these dates in mind: First Evaluations open June 11 and are DUE before June 15, 16:00 UTC.

CHAPTERS

The Ottawa, Canada chapter has been very busy this year, hosting a CTF, monthly meetings, and volunteer planning sessions. They have also welcomed a new chapter leader into the fold: Garth Boyd, a sarcastic, funny, senior security architect who wrangles speakers and other logistics like no other! This year the 12-person-strong organizing team has decided to give formal AppSec lessons, providing a “Deep Dive” into each one of the Top Ten, month by month. Participants are awarded Open Badges (https://openbadges.org/) for participating in the Deep Dive and completing a relevant challenge via Badgr.io on the Secure Coding Dojo training platform (https://github.com/trendmicro/SecureCodingDojo). With new members and software developers who have no previous AppSec experience continuing to join their 800+ meetup, they want to ensure that newcomers have a place to start. The chapter also has two locations now, downtown Ottawa and Kanata North, in order to serve more members. They have also been filming and releasing the talks from the past year, which are available here: https://www.youtube.com/channel/UCxSU-KvNmYusZEq6v4YK5Lw. Feel free to follow them on Twitter @OWASP_Ottawa, talk to them on Slack (https://owaspottawa.herokuapp.com/) or better yet, join them! https://www.meetup.com/OWASP-Ottawa/

MEMBERSHIP

Ads are not endorsements and reflect the messages of the advertiser only.

Contributor Corporate Members

Interested in learning how to get your company logo posted here? Find out how by visiting our Corporate Member page, or contact Kelly Santalucia, our Membership & Business Liaison, today!